From: Goswin von Brederlow <goswin-v-b@web.de>
To: Xavier Leroy <Xavier.Leroy@inria.fr>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Hashtbl and security
Date: Mon, 30 Jan 2012 11:54:47 +0100 [thread overview]
Message-ID: <87vcnt31fs.fsf@frosties.localnet> (raw)
In-Reply-To: <4F0097E6.2090701@inria.fr> (Xavier Leroy's message of "Sun, 01 Jan 2012 18:29:10 +0100")
Xavier Leroy <Xavier.Leroy@inria.fr> writes:
> On 01/01/2012 01:52 PM, Richard W.M. Jones wrote:
>> On Fri, Dec 30, 2011 at 06:06:26PM +0100, Xavier Leroy wrote:
>>> Indeed. The optional "seed" parameter to Hashtbl.create does exactly
>>> this in the new implementation of Hashtbl (the one based on Murmur3).
>>
>> It may be worth noting that Perl solved this problem (back in 2003) by
>> unconditionally using a seed which is a global set to a random number
>> during interpreter initialization.
>
> That's how my initial reimplementation of Hashtbl worked, using the
> Random module to produce seeds, but I was told (correctly) that in
> security-sensitive applications it's better to leave the generation of
> random numbers under control of the programmer. For some applications
> Random.self_init might be good enough and for others stronger
> randomness is needed.
>
> Of course, you can trivially emulate Perl's behavior using the new
> Hashtbl implementation + the Random module.
>
> - Xavier Leroy
It is also crucial if you are doing performance tests or debugging. You
want the same behaviour on every run for that.
MfG
Goswin
next prev parent reply other threads:[~2012-01-30 10:54 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-30 16:44 Gerd Stolpmann
2011-12-30 16:48 ` Yaron Minsky
2011-12-30 19:01 ` David Allsopp
2011-12-30 20:52 ` Yaron Minsky
2011-12-30 21:54 ` Gerd Stolpmann
2011-12-30 17:06 ` Xavier Leroy
2011-12-30 21:16 ` Gerd Stolpmann
2011-12-31 0:57 ` oliver
2011-12-31 0:59 ` oliver
2012-01-01 12:52 ` Richard W.M. Jones
2012-01-01 17:29 ` Xavier Leroy
2012-01-01 21:04 ` Gerd Stolpmann
2012-01-01 23:24 ` oliver
2012-01-01 23:58 ` Gerd Stolpmann
2012-01-02 1:43 ` oliver
2012-01-04 17:56 ` Damien Doligez
2012-01-04 21:52 ` oliver
2012-01-02 9:34 ` David MENTRE
2012-01-30 10:54 ` Goswin von Brederlow [this message]
2011-12-30 17:40 ` rixed
2011-12-30 17:52 ` Edgar Friendly
2011-12-31 1:02 ` oliver
2011-12-31 0:33 ` oliver
2012-01-02 0:21 ` Shawn Wagner
2012-01-02 14:52 ` Gerd Stolpmann
2012-01-30 10:51 ` Goswin von Brederlow
2012-01-31 14:16 ` Gerd Stolpmann
2012-02-08 9:41 ` Goswin von Brederlow
2012-02-08 10:43 ` Philippe Wang
2012-02-08 10:46 ` AUGER Cédric
2012-02-09 13:22 ` Goswin von Brederlow
2012-02-09 14:48 ` Gerd Stolpmann
2012-02-08 11:12 ` Gerd Stolpmann
2012-02-09 13:11 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vcnt31fs.fsf@frosties.localnet \
--to=goswin-v-b@web.de \
--cc=Xavier.Leroy@inria.fr \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox